MagicMirror: Towards High-Coverage Fuzzing of Smart Contracts
A smart contract is often used to handle financial transactions. Unlike traditional programs, contract code cannot be changed after it is deployed. It is important to test smart contracts thoroughly before deployment. In this paper, we present a fuzzing approach to testing smart contracts. Our fuzzing approach utilizes constraint solving, selective state exploration, and combinatorial testing to improve code coverage. Constraint solving is used to generate test inputs that meet preconditions in a smart contract. Selective state exploration allows different state-dependent behaviors to be exercised while alleviating the state explosion problem. Combinatorial testing is used together with fuzzing to make the testing process more efficient. We implemented our approach in a tool called MagicMirror and evaluated our approach using more than 2,000 contracts. The experimental results show that MagicMirror is effective for achieving high code coverage and detecting vulnerabilities.
Mon 17 Apr (displayed time zone: Dublin)
16:00 - 18:00 | Session 7: Testing for Safety & Security (Industry / Research Papers / Journal-First Papers / Previous Editions) at Hanover. Chair(s): Eric Bodden (Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM)

16:00 (20m talk) | Learning Non-robustness using Simulation-based Testing: a Network Traffic-shaping Case Study (Industry). Baharin Aliashrafi Jodat (University of Ottawa), Shiva Nejati (University of Ottawa), Mehrdad Sabetzadeh (University of Ottawa), Patricio Saavedra (RabbitRun Technologies Inc). Pre-print

16:20 (20m talk) | Test environments for large-scale software systems: an industrial study of intrinsic and extrinsic success factors (Journal-First Papers)

16:40 (20m talk) | Assessing the Effectiveness of Input and Output Coverage Criteria for Testing Quantum Programs (Previous Editions). Shaukat Ali (Simula Research Laboratory), Paolo Arcaini (National Institute of Informatics), Xinyi Wang, Tao Yue (Simula Research Laboratory). DOI

17:00 (20m talk) | Heap Fuzzing: Automatic Garbage Collection Testing with Directed Random Events (Research Papers). Guillermo Polito (Inria, Cristal, UMR 9189, Université de Lille), Pablo Tesone (Univ. Lille, Inria, CNRS, Centrale Lille, UMR 9189 CRIStAL, Pharo Consortium), Jean Privat (Université du Québec à Montréal (UQAM)), Nahuel Palumbo (Université Lille, CNRS, Centrale Lille, Inria, UMR 9189 - CRIStAL), Stéphane Ducasse (Inria; University of Lille; CNRS; Centrale Lille; CRIStAL)

17:20 (20m talk) | MagicMirror: Towards High-Coverage Fuzzing of Smart Contracts (Research Papers). Huadong Feng (University of Texas at Arlington), Xiaolei Ren (University of Texas at Arlington), Qiping Wei (University of Texas at Arlington), Jeff Yu Lei (University of Texas at Arlington), Raghu Kacker (National Institute of Standards and Technology), Richard Kuhn (National Institute of Standards and Technology), Dimitris Simos (SBA Research)